Learning Network Forensics

Priekinis viršelis
Packt Publishing Ltd, 2016-02-29 - 274 psl.

Identify and safeguard your network against both internal and external threats, hackers, and malware attacks

About This Book
  • Lay your hands on physical and virtual evidence to understand the sort of crime committed by capturing and analyzing network traffic
  • Connect the dots by understanding web proxies, firewalls, and routers to close in on your suspect
  • A hands-on guide to help you solve your case with malware forensic methods and network behaviors
Who This Book Is For

If you are a network administrator, system administrator, information security, or forensics professional and wish to learn network forensic to track the intrusions through network-based evidence, then this book is for you. Basic knowledge of Linux and networking concepts is expected.

What You Will Learn
  • Understand Internetworking, sources of network-based evidence and other basic technical fundamentals, including the tools that will be used throughout the book
  • Acquire evidence using traffic acquisition software and know how to manage and handle the evidence
  • Perform packet analysis by capturing and collecting data, along with content analysis
  • Locate wireless devices, as well as capturing and analyzing wireless traffic data packets
  • Implement protocol analysis and content matching; acquire evidence from NIDS/NIPS
  • Act upon the data and evidence gathered by being able to connect the dots and draw links between various events
  • Apply logging and interfaces, along with analyzing web proxies and understanding encrypted web traffic
  • Use IOCs (Indicators of Compromise) and build real-world forensic solutions, dealing with malware
In Detail

We live in a highly networked world. Every digital device—phone, tablet, or computer is connected to each other, in one way or another. In this new age of connected networks, there is network crime. Network forensics is the brave new frontier of digital investigation and information security professionals to extend their abilities to catch miscreants on the network.

The book starts with an introduction to the world of network forensics and investigations. You will begin by getting an understanding of how to gather both physical and virtual evidence, intercepting and analyzing network data, wireless data packets, investigating intrusions, and so on. You will further explore the technology, tools, and investigating methods using malware forensics, network tunneling, and behaviors. By the end of the book, you will gain a complete understanding of how to successfully close a case.

Style and approach

An easy-to-follow book filled with real-world case studies and applications. Each topic is explained along with all the practical tools and software needed, allowing the reader to use a completely hands-on approach.

 

Ką žmonės sako - Rašyti recenziją

Neradome recenzijų įprastose vietose.

Pasirinkti puslapiai

Turinys

Becoming Network 007s
1
Laying Hands on the Evidence
33
Capturing Analyzing Data Packets
65
Going Wireless
89
Tracking an Intruder on the Network
113
Connecting the Dots Event Logs
129
Proxies Firewalls and Routers
153
Smuggling Forbidden Protocols Network Tunneling
181
Investigating MalwareCyber Weapons of the Internet
197
Closing the DealSolving the Case
221
Index
243
Autorių teisės

Kiti leidimai - Peržiūrėti viską

Pagrindiniai terminai ir frazės

Apie autorių (2016)

Samir Datt has been dabbling with digital investigations since 1988, which was around the time he solved his first case with the help of an old PC and Lotus 123. He is the Founder CEO of Foundation Futuristic Technologies (P) Ltd, better known as ForensicsGuru.com. He is widely credited with evangelizing computer forensics in the Indian subcontinent and has personally trained thousands of law enforcement officers in the area. He has the distinction of starting the computer forensics industry in South Asia and setting up India's first computer forensic lab in the private sector. He is consulted by law enforcement agencies and private sector on various technology-related investigative issues. He has extensive experience in training thousands of investigators as well as examining a large number of digital sources of evidence in both private and government investigations.

Bibliografinė informacija